Authorization permission on ms learn sandbox #30789
Description
Describe the bug
Hi,
having this trouble, I'd like to know if the next error message is solved by adquiring the correct permissions - authorizations:
PS C:\WINDOWS\system32> az group create --name domingo_dev --location spaincentral
(AuthorizationFailed) The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
the account details are:
{
"environmentName": "AzureCloud",
"homeTenantId": "604c1504-c6a3-4080-81aa-b33091104187",
"id": "fcfd8558-600b-4e8c-8fc6-61a12221db20",
"isDefault": true,
"managedByTenants": [],
"name": "Concierge Subscription",
"state": "Enabled",
"tenantDefaultDomain": "learn.docs.microsoft.com",
"tenantDisplayName": "Microsoft Learn Sandbox",
"tenantId": "604c1504-c6a3-4080-81aa-b33091104187",
"user": {
"name": "[email protected]",
"type": "user"
}
}
Thanks a lot beforhand for your answer
Related command
az group create
Errors
(AuthorizationFailed) The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Issue script & Debug output
cli.knack.cli: Command arguments: ['group', 'create', '--name', 'domingo_dev', '--location', 'spaincentral', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001EA08BE71A0>, <function OutputProducer.on_global_arguments at 0x000001EA08F88040>, <function CLIQuery.on_global_arguments at 0x000001EA08FA9440>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'group': ['azure.cli.command_modules.resource']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: resource 0.431 52 232
cli.azure.cli.core: Total (1) 0.431 52 232
cli.azure.cli.core: Loaded 52 groups, 232 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : group create
cli.azure.cli.core: Command table: group create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001EA0B255DA0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\domal.azure\commands\2025-02-07.18-33-46.group_create.7740.log'.
az_command_data_logger: command args: group create --name {} --location {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001EA0B29F100>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001EA0B2B54E0>, <function register_cache_arguments..add_cache_arguments at 0x000001EA0B2B5620>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000001EA0B2B56C0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001EA08F880E0>, <function CLIQuery.handle_query_parameter at 0x000001EA08FA94E0>, <function register_ids_argument..parse_ids_arguments at 0x000001EA0B2B5580>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\domal\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\domal.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187
msal.authority: openid_config("https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 755bc364-6da2-4389-bed0-b11dbbfc8679
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '28'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'af1984e5-e579-11ef-bb02-9eb6d0b05b03'
cli.azure.cli.core.sdk.policies: 'CommandName': 'group create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--name --location --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.68.0 (ZIP) azsdk-python-core/1.31.0 Python/3.12.8 (Windows-10-10.0.19045-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"location": "spaincentral"}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev?api-version=2022-09-01 HTTP/1.1" 403 431
cli.azure.cli.core.sdk.policies: Response status: 403
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '431'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'FRANCESOUTH:20250207T173349Z:ea72dd19-53c3-46ad-9d32-54cd2cf2d465'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 590734ED0D2D405D9AD77E1B0E2A0D34 Ref B: MRS211050313033 Ref C: 2025-02-07T17:33:48Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 07 Feb 2025 17:33:48 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"AuthorizationFailed","message":"The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 666, in execute
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 734, in _run_jobs_serially
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 703, in _run_job
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/init.py", line 336, in call
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 120, in handler
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/resource/custom.py", line 1658, in create_resource_group
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
File "D:\a_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/mgmt/resource/resources/v2022_09_01/operations/_operations.py", line 10597, in create_or_update
azure.core.exceptions.HttpResponseError: (AuthorizationFailed) The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
cli.azure.cli.core.azclierror: (AuthorizationFailed) The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
az_command_data_logger: (AuthorizationFailed) The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#[email protected]' with object id 'ebb57515-b4a1-458d-b8cb-28a709d3b551' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/write' over scope '/subscriptions/fcfd8558-600b-4e8c-8fc6-61a12221db20/resourcegroups/domingo_dev' or the scope is invalid. If access was recently granted, please refresh your credentials.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001EA0B256020>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 1.969 seconds (init: 0.295, invoke: 1.674)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4569 in cache file under C:\Users\domal.azure\telemetry\20250207183348062
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "E:\Descargas\Azure_CLI_LOCAL\python.exe E:\Descargas\Azure_CLI_LOCAL\Lib\site-packages\azure\cli\telemetry_init_.pyc C:\Users\domal.azure C:\Users\domal.azure\telemetry\20250207183348062"
telemetry.process: Return from creating process 10716
telemetry.main: Finish creating telemetry upload process.
Expected behavior
To create a resource group
Environment Summary
azure-cli 2.68.0
core 2.68.0
telemetry 1.1.0
Dependencies:
msal 1.31.1
azure-mgmt-resource 23.1.1
Python location 'E:\Descargas\Azure_CLI_LOCAL\python.exe'
Extensions directory 'C:\Users\domal.azure\cliextensions'
Python (Windows) 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:30:04) [MSC v.1942 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response